
Running Head: COMPARISON OF OWASP AND OSSTMM


Compare and Contrast OWASP with OSSTMM Methodology



Student Name

University

This study source was downloaded by 100000802316591 from CourseHero.com on 06-04-2021 16:26:31 GMT -05:00

https://www.coursehero.com/file/31813583/Computer-Science-274408443docx/

OSSTMM and OWASP are two penetration testing methodologies used to test computer systems and devices, with legal permission, in order to find the weaknesses and vulnerabilities that an attacker would find. Each has many advantages and disadvantages, and the choice between them depends on the situation or condition.

OSSTMM stands for Open Source Security Testing Methodology Manual. Its last edition was revised in 2010. OSSTMM mainly comprises testing methods and strategies that can be used to test any type of system, software, or application. Like other testing methods, OSSTMM is used on computer systems to keep devices and programs in line with requirements, error free, and up to the expectations of customers. The most significant areas it covers are security, ethical hacking, testing, and security assessment (Kang, Cho, Shin & Kim, 2015). The test modules available in OSSTMM are communication security testing, physical security testing, internet technology security setting, and process security testing. Further work is being done on OSSTMM with a high-level research focus, but several things remain untouched, such as management, tools, and technological advancements. Proper management of tests is not discussed, which leads to bad planning and unexpected results and can cause many problems in the final stages. In addition, OSSTMM is not easy to use, and it does not provide adequate support for integration in the context of IT management. Its technical descriptions, tools, and threat analysis also do not give good results. Finally, the latest versions require a paid subscription, which is a hindrance for people who want to use the service but cannot afford it.

Apart from these disadvantages, the satisfactory aspects of OSSTMM are its scalability and coverage. It provides flexibility for pen testers during testing phases. Using OSSTMM provides a deep understanding of how things are interconnected; such interconnection requires interactions, which can be direct or passive. It is easier to modify according to organizational needs, and frequent updates are available with new versions. Given these advantages, this approach can be used when precise and accurate results are required.

OWASP stands for Open Web Application Security Project. OWASP includes the different software development life cycles and is made up of many different phases. It mainly focuses on improving web security and services. A community around web security development tools was built, which provides much ease to developers and contributors. It was last revised in 2014. OWASP's technical-level descriptions are very strong. It provides large scalability and tools for development or testing (Klíma, 2016). It is easy to use, and threat analysis is judged partially during the testing phase. In addition, its main success factor is that it is free and open: the website is not run for profit and is not driven by any commercial purpose. On the other hand, OWASP's coverage is not on a large scale. It is one of the risk-based approaches.

Although all the pros and cons of these penetration testing approaches have been discussed, no single approach covers all areas of research and testing. Because of these weaknesses, the final results are not easily comparable, and all the security level approaches are average standards for measuring these parameters. Further research and improvement are focused on combining the existing sets of standards with the Penetration Testing Execution Standard, which is also a comprehensive description of different testing processes. It aims to cover the negative points of the testing methods and provide the best possible results using the latest methods.


References

Kang, Y., Cho, H., Shin, Y., & Kim, J. (2015). Comparative Study of Penetration Test Methods. doi: 10.14257/astl.2015.87.08

Klíma, T. (2016). PETA: Methodology of Information Systems Security Penetration Testing. Acta Informatica Pragensia, 5(2), 98-117. doi: 10.18267/j.aip.88
